PT-2023-2996 · Unknown+11 · Postgresql+10

Wolfgang Walther

Publicado

2023-05-10

Atualizado

2026-04-03

CVE-2023-2455

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PostgreSQL (affected versions not specified)

Description The issue is related to row security policies in PostgreSQL, which can be disregarded when user ID changes occur after inlining. This can lead to incorrect policies being applied, particularly in scenarios involving security definer functions or when a query is planned under one role and executed under another. As a result, a user may be able to perform reads and modifications that would otherwise be forbidden. This affects databases that have defined row security policies using CREATE POLICY.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-254

Identificadores relacionados

ALSA-2023:3714

ALSA-2023:4327

ALSA-2023:4527

ALSA-2023:4535

ALSA-2023:4539

ALSA-2023:5269

ALT-PU-2023-1775

ALT-PU-2023-1776

ALT-PU-2023-1777

ALT-PU-2023-1778

ALT-PU-2023-1779

ALT-PU-2023-1780

ALT-PU-2023-1855

ALT-PU-2023-1856

ALT-PU-2023-1857

ALT-PU-2023-1858

ALT-PU-2023-1859

ALT-PU-2023-1860

ALT-PU-2023-1917

ALT-PU-2023-1918

ALT-PU-2023-1919

ALT-PU-2023-5151

ALT-PU-2023-5198

ALT-PU-2023-5633

ALT-PU-2023-5634

ALT-PU-2023-5635

ALT-PU-2023-5636

ALT-PU-2023-5637

ALT-PU-2023-6628

ALT-PU-2023-6629

ALT-PU-2023-6630

BDU:2023-03024

BIT-POSTGRESQL-2023-2455

CESA-2023_4527

CESA-2023_4535

CESA-2023_4539

CESA-2023_5269

CLEANSTART-2026-FW42039

CLEANSTART-2026-HJ04971

CVE-2023-2455

DLA-3422-1

DSA-5401-1

ECHO-E6F8-757C-B54D

JLSEC-2026-41

MGASA-2023-0187

OESA-2023-1567

OESA-2023-1568

OESA-2023-1569

OPENSUSE-SU-2024:12929-1

OPENSUSE-SU-2024:12930-1

OPENSUSE-SU-2024:12931-1

OPENSUSE-SU-2024:12932-1

OPENSUSE-SU-2024:12933-1

OPENSUSE-SU-2024:14360-1

OPENSUSE-SU-2025:15580-1

RHSA-2023:3714

RHSA-2023:4313

RHSA-2023:4327

RHSA-2023:4527

RHSA-2023:4535

RHSA-2023:4539

RHSA-2023:5269

RHSA-2023:7545

RHSA-2023:7580

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7772

RHSA-2023_3714

RHSA-2023_4327

RHSA-2023_4527

RHSA-2023_4535

RHSA-2023_4539

RHSA-2023_5269

RLSA-2023:3714

RLSA-2023:4327

RLSA-2023:4527

RLSA-2023:4535

RLSA-2023:4539

ROSA-SA-2024-2359

ROSA-SA-2024-2484

ROSA-SA-2024-2485

ROSA-SA-2024-2486

SUSE-SU-2023:2198-1

SUSE-SU-2023:2199-1

SUSE-SU-2023:2200-1

SUSE-SU-2023:2201-1

SUSE-SU-2023:2202-1

SUSE-SU-2023:2205-1

SUSE-SU-2023:2206-1

SUSE-SU-2023:2207-1

SUSE-SU-2023:2219-1

USN-6104-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Postgresql

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2023-2996 · Unknown+11 · Postgresql+10

CVE-2023-2455

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 225